Any reason NOT to switch to Firefox?

I have always used Internet Explorer. But for years now I have read that other browsers are more secure, safer. With the choice in browsers now available, is there any reason to stick with IE?

 

Most webpages were written to be compatible with IE since it has been taken to be the standard for browser programming. The others may not have the complete set of plug-in add-ons that IE has. Others such as Firefox and Opera are widely used and can display most webpages without any problems. I've continued to use IE since I dropped Netscape several years ago. I usually switch between Firefox and IE and when a webpage doesn't show properly on FF, it usually displays OK on IE.

 

as long as you secure and keep IE patched it should be fine for everyday use.

the browser u use is just a personal preference based on what features u want, how u like the interface, etc.

@ccsito - have u tried teh ietab extension for firefox?

 

No Wsfuser. Still using version 1.5 on my laptop.

 

ietab lets u view pages in an "IE" tab. its very handy for viewing those IE only pages. and it does work on Fx 1.5.

 

Thanks for the tip. I will try it out on webpages that I come across.

 

Vulpaphobia?

I'll purposefully misconstrue this as is there any reason not to rip it out by its bloody entrails from the OS itself?
(w\ XPLite or nLite)
In which case yes, you need it for automatic updates to work if you dont manually download from technet or use ~Link removed - Not recommended by this forum - Ron~
and you need it to make Windows Explorer work properly (webview) but to actually use?

No

slap a noaccess.rat on the beast restrict its IP ranges at the firewall and deny it as much permission as possible with a HIPS

if a website cant bother to conform to W3C verification
make a single exception using IE so you can get thier email addy and tell em to go @##%$$# themselves youll be back when they manage to pull thier head out of their %$##@%$%$#

 

No reason whatsoever to stick with IE.

Tabbed browsing alone is very new to IE, but if you had FF or Opera, that's old news. If you like to customize things, Firefox could be the one for you. But if you want the browser to do pretty much everything from install, go for Opera, imo, the best around. Opera has shortcuts you don't dream about, has email client if you want, torrent client if you like, etc etc.

Some simple things make life so easy in Opera, and obvious features, like 'right click- left click' goes back one page, 'left click- right click' goes forward, all sorts of mouse shortcuts, the 'Trash' to recover tabs that you accidentally closed, or regretted closing (in the same session), save sessions for later review (you can save 15 tabs if you want, with the label "external hard drive" for instance, for later reviewing and buying of HD's).
Simple things that makes you look back and think "IE is stone age"
Lets not talk about security, we only need to take a peak at Secunia

 

but the advantages of alternatives really are what you dont get
you dont get a browser that holds native permissions inside the OS itself and is actually an integral part of the shell, you dont get a browser with historically exploitable code employing dangerous protocols and default permissions, and you dont get a corporation that could care less about your security and would rather hold off on a patch that is so sensitive (because of the integral nature of the browser in the OS) it might bust a multnational's web application

last year critical exploits went unpatched for 3\4th's of the year
http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
http://searchsmb.techtarget.com/originalContent/0,289142,sid44_gci1238795,00.html

excerpt

 

Nothing seems to arouse the passions, make the hair on your neck stand up, call forth abusive, almost vulgar language, than a discussion of browsers. It doesn't get quite as inflammatory here as in other forums, where a psychologist friend notes the rising anger, often starting between two posters, and then bringing in others, cresecendoing to a huge war of words and deleted posts. Why is this?

Recently, the Brian Krebs blog from January 4 that Ice-Czar mentioned caused a furor. Even the comments in the blog degenerated into a war of words between Firefox and Opera users, the latter calling Krebs to task for mentioning Firefox as the only alternative to getting hacked. After some Opera users had their say, a Firefox afficionado replied, "And saying that Opera is more secure is stupid."

Even more interesting is how any methodology and statistics can yield the results you want to show. This article infuriated a good many Firefox users:

Internet Explorer 6.x More Secure than Firefox 1.x in 2006

So, what about the Brian Krebs blog headline that IE users were at risk 284 days last year?

A mathematician/statistician friend of mine puts it this way: "Theoretically, any application is at risk 365 days/year because of the potential for the discovery at any moment of a vulnerability." This is in keeping with my own thought that any line of code has the potential for mis-use.

If you accept that premise - and I do - then either you plan your security from the bottom up and have protection below the browser for the "in case of fire" scenario, or you constantly worry and fret needlessly.

What are you protecting against?

The recent VML exploit caused much concern throughout the computing world. Another Brian Krebs blog included this:

Unofficial Patch Released for IE Flaw

(my emphasis)

and this writeup which mentions that the web page could download one of three .html pages:

The VML Exploit and Rootkits

(my emphasis)

Would you be protected against the installation of an unauthorized (not already installed) executable? An easy test: load an installation CD and attempt to run the setup.exe. If your security doesn't alert, I would suggest you have other problems besides a browser that might compromise you.

An easy way to protect against that -- no purchase necessary -- is to set up Software Restriction Policies. Contact Wilder's resident expert on that, SpikeyB

The question always arises with me, what is the likelihood that I will encounter one of these malicious web pages? "Social engineering" is still the principal trigger. Microsoft typically has this comment in its bulletins:

Other security sites confirm this:

Zero-Day Update: Important Update on VML Exploit

The other means of getting to a malicious site could be just in one's everyday surfing.

For more than six months now, each weekend a friend and I run what I call my "lo-sec" routine, where we do our normal internet work using Internet Explorer set on low security:

http://www.urs2.net/rsj/computing/imgs/ie-options.gif

We do this when we go directly to known malware sites, so that we can test/watch the exploit run.

But in order to see what "normal" surfing would yield, we spend a couple of hours each Saturday/Sunday running this way. We have never gotten an alert (using Anti-Executable) to install something. Pop-ups sometimes, which we don't turn off, just to see if malware might be embedded in such. We monitor the cache, files created, have our firewalls configured to prompt for all outbound.

I just use Google as I normally would, going to any site without reservation.

My friend says she often gets the comment, "well, you just didn't go to the right sites" - or wrong, depending on your point of view.

This is a valid observation, for it calls to mind the notion that our computing activities are just another aspect of our life, so that the situations we experience in computing are likely to reflect our other activities. If the right sites - the ones that would tend to attempt to install malware - are typically sites with "cheats," cracks, pirated software, then if you don't cheat or steal, you are not likely to go to those sites. The old adage, "what you sow, you will reap" still holds true for much in our life.

The browser war, so-called, is much ado about nothing, in my opinion. As WSFuser puts it,

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

I have a slightly different standard

does it ship and install so a reasonably thick 8 year old using it is secure?
as a lowest common denominator for the www populace not a bad representative, because its the clueless that are the cannon fodder
they are the bot nets, the spammers the battering rams of DDoS

When assessing a threat its not only from a personal standpoint but an overall health of the system, especially when discussing an ubiquitous application. While nothing can lie like statistics, there are meaningful metrics and deceptive metrics, the patch cycle and number of infections from the wild are meaningful. Ive been singing this particular song long before Kreb's article based on the data at Secunia and countless encounters with the clueless's woes.

And personally don't care what alternative is chosen as long as its not the IE engine.

http://secunia.com/product/11/?task=statistics


Privilege level
http://i16.tinypic.com/4dnsefa.png
http://i3.tinypic.com/30caiqv.png
http://i18.tinypic.com/2hs810n.png
http://i10.tinypic.com/2cep94g.png

its the combination of how critical the exploit with how long it takes to patch after its discovery with its actual employment in the wild that is the only real metric

and IE is the biggest looser
OS integration was a bad idea taken for competitive advantage,
well the edge it provided is gone and has turned into a malware conduit

sure you can secure it there are generally workaround for even unpatched exploits if your aware of them, but should you morally encourage its use?
Or promote alternatives that have responded to the end user and continue to stay ahead of the curve for both yourself and the clueless?

 

Hello,

I see it like this:

If a site does not properly load in non-IE browsers, that's entirely the coder's fault. IE has worst compliance with W3C standards. Worst. Absolute joke of compliance. I have a website and even though 49% of visits to my site are through IE - and not always rendered well because IE does not support CSS as intended - I refuse to use even a single IE hack.

IE, usability, interface, price of addons - a horrible joke on our expense. The productivity one can achieve with FF + 10/20/50 extensions is seven quantum leaps and three quantum hops ahead of IE with 19.95$ cookie cleaner and 29.95$ phishing toolbar.

IE is embedded into OS, patched slowly, has millions of exploits available all over the place - whereas I have yet to find a SINGLE working FF exploit. I'm not talking about PoC. If someone can show me a page where you get infected by drive-by-download through FF, I'll send him a sixpack of Heineken. I'll even pay for quick shipping by FedEx.

The talk "IE is more secure than FF", "FF had 23 exploits while IE has 19 hence IE is more secure" is nothing more than the purest of pure propagandas that server nothing but someone's pocket, add to the general feel of fear and paranoia. It may impress people who have never heard of anything else except IE, Windows and Outlook. A pure form of bovine excrements.

Firefox has lots of beautiful and useful extensions, it can run portable from USB stick, it can share profile with other operating systems, it runs on other operating systems, it is several years of programming ahead of its buggy, crashy, ugly, copycat MS counterpart - if it can even be called that.

No reason whatsoever to stick with IE. All the reasons in the world to switch and never ever look back.

Mrk

 

I can't think of any reason for anyone to stay with "Internet Explorer Browser". I've been using firefox for about 3 years. I also use opera sometimes. Firefox is just a lot more secure browser.

I haven't tried the newer version of "IE". I have ie version 6 installed on this computer.I never let it access the internet. I have it blocked with the firewall. I hate IE

Some people hate norton. I hate "IE" It's the worst piece of software ever made in my opinion

I know, someone is going to ask how I do windows updates? What updates ? Microsoft no longer gives updates to "Windows Me or Windows 98 Users'

However, if you look at the majority of your windows updates. Most of them are a patch for "IE" ROFLMAO.

Concerning website compatability.. You will find a few websites that require additional plug ins for Firefox. However, their aren't many of them. I do online banking with a small hometown bank. I've never had a problem using firefox with them.

That's just my opinion of "IE". Version 7 may be better...I don't know. From all the reviews I've read on the internet... Firefox still beats out ie 7 by a long shot.

 

Try to avoid using Microsoft-software all together,it is just expensive crap.

Lamehand

 

Interesting statistics, but:

Much more useful statistics would be: of all of the millions of computers world-wide that are infected, what percentage were the result of browser exploits? Of email executable attachments? Of ports/services exploits?

The fact the the trojan ports are still exploited must mean that it is worth while for malware writers to do so because people either have no firewall, or don't have the exploit patched.

http://www.urs2.net/rsj/computing/imgs/kerio_trojan.gif
___________________________________________________________

Port graph:

http://isc.sans.org/port.html?port=135

The top viruses still propagate via email:

Top 10 viruses reported to Sophos in December 2006

Recent backdoor/bot trojans enter by "clicks" on email attachments, such as the recent postcard.exe:

Second Trojan Variant Storm Worm Spreads through Social Engineering

Trojan.Win32.Zapchast

Other recent trojans
__________________________________________________________

Until those statistics are generated - and it would be almost impossible - we don't know how much of the problem is the browser exploit.


regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

I rail just as voraciously against
folks not running Firewalls and AV scaners as using IE

difference is that everyone generally is forced to use a browser
and the "default" application is of course the most flawed one

 

erj you can try IE7 Pro freeware add-on - AD filter, mouse gestures, crash recovery, etc.
In IE7 Internet zone can be set only to Medium and it alerts, if security settings are changed.

Firefox is great though, especially with NoScript & extensions to block ADs, cookies, referres.
Also backing up FF is a dream, just copy one folder (with favorites, extenions, etc) unlike IE.

What do you have against me?! But you are right, especially beginners runing IE6.

 

Concerning internet exploits, AV would be the last thing I would want to rely on behind the browser/email program because of the zero-day stuff.

Some examples:

1) http://isc.sans.org/diary.php?storyid=880

2) http://www.offensivecomputing.net/?q=node/132

Updating an AV database is the same as applying patches. Quicker, for sure, but there is still that window of opportunity. I wouldn't feel secure at all.

Of course, one could argue that he wouldn't open attachments in the first place, in which case, he wouldn't even need an AV for that.

Still no reason to dump IE.

To quote again:

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

Well, even if you think IE is as safe or safeR , just look at the functions and features missing...
Face it, IE is stone age. And it's not that IE7 does more things and better than IE6 that will ever change my mind. Even if they update to IE8 with all the features in FF and Opera, i'll still prefer these, because they're the ones that are innovating!

Again i repeat: new features in IE7 are already in FF and Opera for ages!

If there are new features not in FF or Opera, that are in IE , my guess is:
I'LL NEVER NEED THEM!

 

My main reason for not switiching to Firefox is duplication of function. I hate to waste precious resources by having 2 programs that do the same thing.

If you use Firefox, it is my understanding that you must also keep IE in order to do windows update. Is this correct?

 

Yes, but IE won't use anything if not used.
But now that you say that, i now remember that there's a FF pluggin to act as IE. Maybe i can update with this? I'm not sure.

Think it like this: i do more things and faster with Opera. Just try it, read a bit about it (short-cuts etc.) and you won't go back to IE.

Simple things, that even if explained, you won't see the benefit. You'll answer: i don't need that, i can do that with this and that app., i can tweak it to do that, etc.
Believe me, i read that, friends explained that to me, and i answered just like above. One fortunate day, IE wouldn't start, or crashed, and i tried FF. Then Opera. Like in my sig., i never looked back.

Firefox is highly customizable. Opera probably has everything you need from the get-go, and you find features built-in, that you previously weren't aware of!
Just give it a go, and try the features that Opera's homepage presents to you. You'll be surprised. It's best to try it out yourself, reading about it is not the same, believe me.

 

Yes, that's correct. I keep IE (in this case IE7) around just for that and the fact that FF has both IE Tab and IE View which uses the IE engine. I've found quite a few places where FF does not display pages correctly.

 

OK...I think I have been talked into trying Firefox or Opera. I am not trying to start a Firefox-Opera war.

But what I want to know is:

1. If I try Firefox, what extensions should I also try (thinking from a security perspective as well as blocking cookies and adds). And does it have settings that I can set to make it as secure as possible?

2. Same for Opera...

More than likely, I will not mess with many of the optional features to enhance the browsing experience. I am strictly making the change with PC security in mind.

 

FF's exts: NoScript, CookieSafe, RefControl. Additionally: Adblock or Adblock Plus.
With those extensions, you can enable cookies, referrers or scripts via FF's systray.
As for Opera, I never got it to block cookies nor scripts, so I will rather say nothing.

Blocking scripts, java, flash provides 99,99% security. NoScript can enable scripts for one page only, even when there are scripts from other pages included. That is, what I envy to Firefox.

 

Hello,

Some nice extensions for FF:

Adblock / Adblock Plus (+Filterset.G Updater) for blocking ads
Cookie Button + Cookie Button in the Status bar for blocking cookies
Noscript, for blocking javascript and/or other plugins (flash, java)
Refcontrol, for controlling the referrer of your browser
User Agent Switcher, for changing the default ID of your browser for improved / false rendering of sites
Video Downloader, for downloading flash movies
ScrapBook, for easy saving and catalogueing of sites
Zotero, for management of documents, websites, notes
IE Tab, for using IE engine via Firefox
Dr. Web Link checker, for checking remote links using Dr. Web AV
Mouse Gestures or All-in-One Gestures, for those too lazy
Sage, RSS feed reader
FireFTP, an FTP client

And so many more...

Mrk